Tamper resistant postal security device with long battery life

ABSTRACT

In accordance with the invention, a postal security device (PSD) (10) contains a nonvolatile memory (13) which does not depend on battery power, such as an EEPROM (13), and contains a nonvolatile memory (14, 16) which does depend on battery power, such as a static RAM. The PSD (10) also contains an encryption engine (12, 14, 22). An encryption key is developed and is stored in the static RAM (14), which is sized to be only large enough to contain the encryption key. A large body of data, too large to fit in the static RAM, is encrypted by means of the encryption engine (12, 14, 22) and with reference to the encryption key, and is stored in the EEPROM (13). This body of data typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) (16) is available to receive the large body of data, decrypted using the encryption key. A tamper switch (17) cuts power to both RAMs (14, 16) in the event of tampering.

The invention relates generally to postage meters (franking machines), and relates particularly to systems in which postage value is stored in a postal security device (PSD) so as to be protected against undetected tampering. The application claims priority from U.S. application No. 60/078,489, filed Mar. 18, 1998, which application is incorporated herein by reference to the extent permitted by the designated and elected States hereto.

BACKGROUND

In recent years it has been proposed to print postal indicia by means of conventional nonsecure printers such as laser printers, ink-jet printers, and thermal transfer printers. Such printers are termed “nonsecure” because the printer itself is not in a secure housing and because the communications channel linking the printer to other apparatus is nonsecure. Under such a proposal, the question naturally arises what would prevent a user from printing the same postal indicium repeatedly, thereby printing postal indicia for which no money has been paid to the post office. The proposed anti-fraud measure is to store information within the indicia which would permit detecting fraud. The indicium would include not only human-readable text such as a date and a postage amount, but would also include machine-readable information, for example by means of a two-dimensional bar code. The machine-readable information would be cryptographically signed, and would include within it some information intended to make fraud more difficult. The information would typically include an identification of the postage meter license (granted by the meter manufacturer or by the postal authorities, depending on the country), an indication of the number of mail pieces franked, the postage amount, a postal security device identifier about which more will be said later, the date and time, and a zip code or post code of the mail piece addressee.
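The following is an added worked example, not text or code from the patent, of the signed machine-readable indicium the background paragraph describes, together with the post-office-side check that makes the anti-fraud fields useful. The field names, the compact JSON serialization, the constructed sample values and the use of HMAC-SHA256 as a stand-in for the unspecified signature scheme are all assumptions. The point the example adds is that a signature alone does not stop a user from printing one valid indicium many times; the verifier also has to remember the (PSD identifier, piece count) pairs it has accepted.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by PSD and verifier (an assumption; the
# background text does not say what signature scheme is used).
DEMO_KEY = hashlib.sha256(b"constructed demo indicium signing key").digest()

# Field order is fixed so that the signed bytes are canonical (assumed names).
INDICIUM_FIELDS = ("license", "piece_count", "postage_cents", "psd_id",
                   "timestamp", "dest_zip")


def serialize(fields):
    """Canonical encoding of the machine-readable part: values in fixed
    order, compact JSON, so signer and verifier hash identical bytes."""
    missing = [f for f in INDICIUM_FIELDS if f not in fields]
    if missing:
        raise ValueError("missing indicium fields: %s" % missing)
    return json.dumps([fields[f] for f in INDICIUM_FIELDS],
                      separators=(",", ":")).encode()


def sign_indicium(fields, key=DEMO_KEY):
    """PSD side: what would go into the 2-D bar code, record || tag."""
    body = serialize(fields)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class IndiciumVerifier:
    """Post-office side. A valid tag proves a PSD holding the key produced
    the record; the (psd_id, piece_count) log catches the same indicium
    printed twice, which the signature alone cannot do."""

    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.seen = set()

    def verify(self, barcode):
        body, sep, tag = barcode.rpartition(b"|")
        if not sep:
            return (False, "malformed")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return (False, "bad signature")
        fields = dict(zip(INDICIUM_FIELDS, json.loads(body)))
        replay_key = (fields["psd_id"], fields["piece_count"])
        if replay_key in self.seen:
            return (False, "duplicate indicium")
        self.seen.add(replay_key)
        return (True, "ok")


SAMPLE_INDICIUM = {  # constructed sample values
    "license": "LIC-000123", "piece_count": 42, "postage_cents": 55,
    "psd_id": "PSD-7", "timestamp": "1998-03-18T10:00:00", "dest_zip": "06484",
}

if __name__ == "__main__":
    v = IndiciumVerifier()
    bc = sign_indicium(SAMPLE_INDICIUM)
    print(v.verify(bc))                                 # (True, 'ok')
    print(v.verify(bc))                                 # (False, 'duplicate indicium')
    print(v.verify(bc.replace(b",55,", b",500,")))      # (False, 'bad signature')
```

The duplicate check is only as good as the uniqueness of the piece count per PSD, which is why the background text lists both the PSD identifier and the number of pieces franked among the signed fields; a real deployment would also bound how far back the log has to reach using the signed date.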

The typical apparatus for printing such “encrypted indicia” postage includes what is called a postal security device or PSD. The PSD has a secure housing, and within the secure housing are the accounting registers as well as a cryptographic engine. The engine permits cryptographic authentication and signing for communication with an external device such as the computer of the meter manufacturer or of the post office. The engine also permits creation of postal indicia which contain specified information and which are cryptographically signed. The PSD may well be physically small as compared to traditional postage meters. The PSD may be the size of a PCMCIA card or the size of a smart card.

Within the PSD the memory must be protected against inadvertent damage due to malfunction of the processor of the PSD, for example as set forth in U.S. Pat. No. 5,668,973, Protection system for critical memory information, owned by the same assignee as the assignee of the present application. The PSD must handle power failure in a graceful fashion, for example as set forth in U.S. Pat. No. 5,712,542, Postage meter with improved handling of power failure, also owned by the same assignee as the assignee of the present application.

To reduce smudging, the printer may preferably be that described in PCT publication no. 97-46389, Printing apparatus, also owned by the same assignee as the assignee of the present application. While it has been proposed that the PSD contain a real-time clock which is keeping time continuously, desirably this requirement may be avoided as described in PCT publication no. 98-08325, Printing postage with cryptographic clocking security, also owned by the same assignee as the assignee of the present application. PSDs can form part of a network with multiple printers as described in PCT publication no. 98-13790, Proof of postage digital franking, also owned by the same assignee as the assignee of the present application.

The postal authorities face the question how the PSD can be protected from tampering. For example, the entire system of PSDs depends on the use of cryptographic keys. The keys are used for authenticating communications between the PSD and the manufacturer's system or the postal authority's system. Such communications are used to set up and maintain the PSDs, and are used to refill or “reset” the PSDs to reflect the ability to print more postage. The keys are also used to cryptographically “sign” information printed in the postal indicia. If the cryptographic keys were compromised, a user might be able to defraud the post office or the PSD manufacturer or both.

Many approaches have been proposed for protection of such cryptographic keys from compromise. The usual approach is to place the cryptographic keys in a RAM (random access memory) of a type which keeps its contents only so long as the RAM receives power from a battery. The secure housing of the PSD is designed to include a tamper switch, so that if the secure housing is tampered with, the switch opens. The switch interrupts power to the RAM (and, in particular, interrupts battery power to the RAM) and its contents are lost. In this way the information in the RAM (for example, the cryptographic keys) is protected from tampering. Another proposed approach is to employ commercial memory chips (such as the Dallas Semiconductor DS1283 and Benchmarq bq3283) which offer a pin on the package that will clear the memory based on a predetermined input voltage level. The tamper switch is set up to apply the predetermined voltage upon detection of tampering.

Many approaches have also been proposed for detection of the tampering. In EP 820 041, for example, it is suggested that the secure housing of an old-style mechanical or electromechanical postage meter be set up to contain an air pressure that is distinctively higher than or lower than normal atmospheric pressure. If the secure housing is violated, the pressure within the secure housing changes to match the ambient pressure. A sensor within the housing detects the pressure change and thus the violation. The sensor disables further function of the postage meter.

The approach of cutting power to a volatile memory such as the RAM discussed above has a drawback in that during periods of power-down, the RAM depends on an internal battery to avoid loss of the information in the RAM. Depending on the requirements of the postal authority, and on design decisions made by the PSD manufacturer, the quantity of data requiring protection may be quite large. The data to be protected may include cryptographic keys used for PSD configuration, keys used for remote resetting (refilling), keys used for signing postal indicia, and keys used for the management of the other keys. In addition it may be desired to protect the bit-images used to generate the human-readable portion of the printed indicia. A RAM big enough to hold all of these important items of data will also draw a non-negligible current from the internal battery. This may lead to a limited and commercially unacceptable battery life.

It would thus be desirable to have a PSD design which protects the many important items of data stored within, and yet which does not draw very much battery power and so permits a commercially acceptable battery life.

SUMMARY OF THE INVENTION

In accordance with the invention, a postal security device (PSD) contains a nonvolatile memory which does not depend on battery power, such as an EEPROM, and contains a nonvolatile memory which does depend on battery power, such as a static RAM. The PSD also contains an encryption engine. An encryption key is developed and is stored in the static RAM, which is sized to be only large enough to contain the encryption key. A large body of data, too large to fit in the static RAM, is encrypted by means of the encryption engine and with reference to the encryption key, and is stored in the EEPROM. This body of data typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) is available to receive the large body of data, decrypted using the encryption key. A tamper switch cuts power to both RAMs in the event of tampering. In this way, the battery power required to maintain the PSD during power-off periods is minimal, and yet the large body of data will be inaccessible in the event of tampering.

DESCRIPTION OF THE DRAWING

The invention will be described with respect to a drawing, of which:

FIG. 1 is a schematic functional block diagram of a system according to the invention.

DETAILED DESCRIPTION

FIG. 1 shows a postal security device (PSD) in accordance with the invention. The PSD has a microprocessor 12 which communicates on a bus 23 with an input/output (I/O) device 18, a memory 13 which does not require battery backup and which may be for example an EEPROM or flash memory, a relatively small RAM 14, a ROM 22, and a larger RAM 16. The I/O device 18 communicates with external apparatus by means of communications channel 19 which may be a serial asynchronous data line. External power 21 and ground 20 are also defined. The larger RAM 16, and most other active components, receive external power. The smaller RAM 14 is additionally able to receive power from a backup battery 15, preferably a lithium cell with a very long (e.g. ten year) life. A tamper switch 17 is provided which, when triggered, can cut power to both the small RAM 14 and the large RAM 16.

A large body of data is assumed to require protection from a tampering user. The EEPROM is selected to be large enough to hold this body of data after it has been encrypted. When power is applied and the system is stable, the body of data (or selected portions thereof) is decrypted and transferred to RAM 16. This decryption is performed by the microprocessor 12 executing a decryption routine stored in the ROM 22, and the decryption is done with respect to a decryption key in the RAM 14. Alternatively the decryption may be performed by an optional engine omitted for clarity in FIG. 1. The decrypted data in RAM 16 are used as needed for the ordinary functions of the PSD, which include communicating via the communications channel 19 with a user computer, with a manufacturer's system, or with a postal authority system, and can include generating postal indicia which are to be printed by means of a printer.

When external power 21 is cut off, or when the PSD undergoes a normal power-down routine, the information in the RAM 16 is lost. In contrast, the information in the RAM 14 is preserved even when external power 21 is lost, because of battery 15.

During normal operation the body of data that requires protection from a tampering user (or some portion of it) may be located “in the clear”, that is, unencrypted, in the RAM 16. In the event that this data has changed, it may be necessary to encrypt the data and to store it again in the memory 13. This encryption is performed by the processor 12 executing encryption software in the ROM 22, or may optionally be performed by an encryption engine omitted for clarity in FIG. 1.

The power-down condition for the PSD 10 assumes that no power is present at line 21. In that event, the only powered device is RAM 14. RAM 14 was purposefully selected to be large enough to hold the encryption key but not much larger, and in any event is smaller than the large body of data that is understood to require protection from a tampering user. Because of the limited size of the RAM 14, it does not draw as much current from the battery 15 as would be drawn by a larger RAM such as RAM 16. Thus, the battery life is optimized, especially as compared with the shorter battery life that would result if the large body of data were all in battery-backed-up RAM.

Tampering may happen during a time when external power 21 is present. At a minimum, the tamper switch should cut power to the RAM 14. (Or, alternatively, the tamper switch should apply to RAM 14 the predetermined voltage that clears the RAM.) Preferably the tamper switch will also cut power to the RAM 16 (or clear the RAM 16), for the reason that some of the body of sensitive data may be present “in the clear” in the RAM 16, and should not fall into the hands of the tampering user. Alternatively the tamper switch might trigger an interrupt in the processor 12 which would cause the processor 12 to clear the sensitive portions of the RAM 16.

Tampering may also happen during a time when external power 21 is absent. In such a case, the RAM 16 is already, by definition, empty, as it is unpowered. The tamper switch causes the RAM 14 to be cleared. If the tampering user extracts the contents of the memory 13, this is of little significance, because the contents are useless unless decrypted with the assistance of the key that is no longer present in the RAM 14. If the PSD 10 is powered up again after the tampering, the decryption routine will not work because the key of RAM 14 is gone. In addition, desirably the processor 12, under program control, will note the fact that RAM 14 is empty and will immediately attempt to send a message via communications channel 19 to the manufacturer or to the postal authority.
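The following is an added software model of the memory arrangement of FIG. 1 and of the power-up, write-back, power-down and tamper sequences described in the preceding paragraphs; it is not code from the patent. The names (`PSD`, `ram14`, `eeprom13`, `ram16`), the 32-byte key size and the cipher are assumptions: the patent does not say which encryption engine is used, so the example uses an HMAC-SHA256 keystream in counter mode with a separate HMAC tag (encrypt-then-MAC) as a stand-in. The tag is the one thing the example adds beyond the text: the patent only speaks of keeping the body of data confidential, and without an integrity check a tampering user could rewrite the encrypted image in memory 13 (for example the stored bit-images) and have the PSD load the altered copy without noticing.

```python
import hashlib
import hmac
import os

KEY_BYTES = 32      # RAM 14 is sized to hold exactly the key (size is an assumption)
NONCE_BYTES = 16
TAG_BYTES = 32


def _keystream(key, nonce, length):
    """PRF-based keystream: concatenated HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_body(key, plaintext):
    """Encrypt-then-MAC under the RAM 14 key: nonce || ciphertext || tag.
    The tag is an addition to what the patent describes; it makes a modified
    or swapped memory 13 image fail on power-up instead of loading silently."""
    nonce = os.urandom(NONCE_BYTES)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_body(key, blob):
    nonce, ct, tag = blob[:NONCE_BYTES], blob[NONCE_BYTES:-TAG_BYTES], blob[-TAG_BYTES:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or modified EEPROM image")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def readable_with(key, blob):
    """What a tampering user holding a dump of memory 13 and a candidate key gets."""
    try:
        decrypt_body(key, blob)
        return True
    except ValueError:
        return False


class PSD:
    """Memory model of FIG. 1: ram14 (battery-backed, key only), eeprom13
    (non-volatile, ciphertext only), ram16 (external power only, plaintext)."""

    def __init__(self, body):
        if len(body) <= KEY_BYTES:
            raise ValueError("body of data is expected to be larger than RAM 14")
        self.ram14 = bytearray(os.urandom(KEY_BYTES))   # key developed at initialisation
        self.eeprom13 = encrypt_body(bytes(self.ram14), body)
        self.ram16 = None                               # nothing in DRAM until power-up
        self.alerts = []

    def key_present(self):
        return any(self.ram14)          # all zero once the tamper switch cut battery power

    def power_up(self):
        """Decrypt memory 13 into RAM 16; if the key is gone, report instead of loading."""
        if not self.key_present():
            self.alerts.append("RAM 14 empty at power-up: notify manufacturer or postal authority")
            return False
        self.ram16 = bytearray(decrypt_body(bytes(self.ram14), self.eeprom13))
        return True

    def update_body(self, offset, data):
        """Change the in-the-clear copy in RAM 16, then re-encrypt it back to memory 13."""
        if self.ram16 is None:
            raise RuntimeError("PSD is not powered")
        if offset < 0 or offset + len(data) > len(self.ram16):
            raise ValueError("update outside the body of data")
        self.ram16[offset:offset + len(data)] = data
        self.eeprom13 = encrypt_body(bytes(self.ram14), bytes(self.ram16))

    def power_down(self):
        self.ram16 = None                # DRAM contents are lost without external power

    def tamper(self):
        """Tamper switch 17: cut power to both RAMs, whether or not power 21 is present."""
        self.ram16 = None
        self.ram14[:] = bytes(KEY_BYTES)
```

Two properties worth checking against such a model: after `tamper()` the dump of `eeprom13` is unreadable with any key the attacker can obtain (the real key no longer exists anywhere), and a single flipped byte in the dump is rejected even by a PSD that still holds the key. The second property is what the added tag buys; the patent's scheme as described gives only the first.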

Those skilled in the art will readily appreciate that design considerations may prompt the use of electrical components in addition to or instead of those shown in FIG. 1, none of which depart in any way from the invention. For example, dedicated cryptographic chips may be employed which take some of the computational burden from the microprocessor. As another example, the particular way in which the tamper switch cuts power to the RAM may be varied, and the particular type of tamper switch may be selected among several types, all without departing in any way from the invention. Those skilled in the art will indeed have no difficulty devising obvious variations and improvements to the invention, all of which are intended to be encompassed by the claims that follow.

1. A method for use with a postal security device comprising a secure housing, and within the secure housing a body of data having a size, said postal security device also having within the secure housing means for generating print data for printing of postage indicia, said generating of said print data relying in part on the body of data, said postal security device also having within the secure housing a first memory sized to accommodate the body of data, said first memory of a type not requiring electrical power to maintain the contents thereof, the postal security device also having within the secure housing a second memory not large enough to accommodate the body of data, said second memory of a type that requires electric power to maintain its contents, said postal security device also comprising a battery powering the second memory and a tamper switch mechanically coupled with the secure housing so that upon tampering with the secure housing the second memory is disconnected from the battery, said postal security device further comprising an encryption key stored within said second memory, said postal security device further comprising a cryptographic engine; the method comprising the steps of: storing the encryption key within the second memory; encrypting the body of data by the cryptographic engine with respect to the encryption key; storing the encrypted body of data in the first memory; upon power-up of the postal security device decrypting the encrypted body of data with the cryptographic engine with respect to the encryption key; temporarily storing the decrypted body of data in a third memory, wherein upon power down of the postal security device the decrypted body of data is lost; in the event of tampering with the postal security device, removing power from the second memory and the third memory resulting in a loss of the encryption key and the decrypted body of data; and requiring battery power for the second memory in order to minimize a need for back-up battery power in the postal security device, the second memory being limited in data storage capacity size in order to minimize battery power consumption when the second memory relies on back-up battery power.
2. A method for use with a postal security device comprising a secure housing, and within the secure housing a body of data having a size, said postal security device also having within the secure housing means for generating print data for printing of postage indicia, said generating of said print data relying in part on the body of data, said postal security device also having within the secure housing a first memory sized to accommodate the body of data, said first memory of a type not requiring electrical power to maintain the contents thereof, the postal security device also having within the secure housing a second memory not large enough to accommodate the body of data, said second memory of a type that requires electric power to maintain its contents, said postal security device also comprising a battery powering the second memory and a tamper switch mechanically coupled with the secure housing so that upon tampering with the secure housing the second memory is disconnected from the battery, said postal security device further comprising an encryption key stored within said second memory, said postal security device further comprising a cryptographic engine; the method comprising the steps of: storing the encryption key within the second memory; encrypting the body of data by the cryptographic engine with respect to the encryption key; storing the encrypted body of data in the first memory; upon power-up of the postal security device decrypting the encrypted body of data with the cryptographic engine with respect to the encryption key; temporarily storing the decrypted body of data in a third memory, wherein upon power down of the postal security device the decrypted body of data is lost; in the event of tampering with the postal security device, removing power from the second memory and the third memory resulting in a loss of the encryption key and the decrypted body of data; and limiting a size of data stored in the second memory to the encryption key in order to maximize a life of the battery powering the second memory.
3. The method of claim 2 further comprising, upon power-up of the postal security device, detecting a presence of the encryption key, and if not present, transmitting a message to an administrator of the postal security device indicating a breach of the postal security device.
4. The method of claim 2 further comprising determining that the data in the second memory is lost and automatically notifying a postal authority.
5. A postal security device having improved battery power consumption during power-off periods comprising: a first memory device for storing encrypted data, the first memory device being connected to a main power source and not connected to a back-up battery power source; a second memory device having a memory storage capacity sufficient to store only an encryption key, the encryption key being used to decrypt the encrypted data stored in the first memory device when the postal security device is powered on, the second memory being connected to both the main power source and the back-up battery power source, the second memory device having a data storage capacity size limited to the encryption key to minimize battery power consumption when the second memory relies on back-up battery power, only the second memory having a battery source in order to minimize a need for back-up battery power; an encryption engine adapted to decrypt the encrypted data using the encryption key during power on; and a third memory for temporarily storing the decrypted data, the third memory being connected only to the main power source; wherein when the main power source is interrupted, the decrypted data in the third memory is lost while the second memory retains the encryption key, and since only the second memory requires back-up battery power, battery power consumption of the postal security device is reduced.
6. The postal security device of claim 5 further comprising an anti-tamper device adapted to interrupt power to the second memory device and the third memory device, wherein the body of decrypted data is lost and the encryption key is not available.
7. The postal security device of claim 5 further comprising a postal indicia generator adapted to receive the decrypted body of data from the postal security device over a communications channel and print a postal indicia relying in part on the decrypted body of data.
8. A postal security device comprising: a secure housing, and within the secure housing: a first nonvolatile memory device not having a backup battery power source and adapted to store an encrypted body of data when power is applied to the postal security device and when power is not applied to the postal security device; a second nonvolatile memory device having a backup battery power source and having a storage capacity only large enough to store an encryption key, the second nonvolatile memory having a limited data size tied to the encryption key to maximize a life of the back-up battery power source; an encryption engine adapted to encrypt a body of data with reference to the encryption key in order to form the encrypted data stored in the first nonvolatile memory; a third memory device not having a backup battery and adapted to temporarily store a body of decrypted data while the postal security device is powered on, the body of decrypted data being transferred to the third memory device from the encryption engine when the postal security device is initially powered on, the encryption engine decrypting the decrypted data stored in the second memory device with respect to the encryption key when the postal security device is powered on; and wherein when the postal security device powers down, the body of decrypted data temporarily stored in the third memory device is lost and battery power required to maintain the postal security device is minimized.
9. The postal security device of claim 8 further comprising a means for generating print data for the printing of postal indicia, the generating of the print data relying in part on the decrypted body of data.
10. The postal security device of claim 4 further comprising an anti-tamper device adapted to interrupt power to the second memory device and the third memory device when the secure housing of the postal security device is tampered with, wherein the body of decrypted data is lost and the encryption key is not available.
11. The postal security device of claim 4 wherein the body of data includes cryptographic keys and sensitive bit-images.
12. The postal security device of claim 4 further comprising a detection device adapted to detect that the second non-volatile memory device is no longer storing the encryption key and send a message via a communications channel to an administrator of the postal security device for action.
13. A method of improving back-up battery power consumption in a postal security device comprising: storing a body of encrypted data in a first memory device that does not have a back-up battery power source, the encrypted data being encrypted by an encryption engine with respect to an encryption key; storing the encryption key in a second memory device in the postal security device, only the second memory device having a back-up battery power source and having a maximum storage capacity limited to a size of the encryption key and limiting data storage capacity size of the second memory in order to minimize battery power consumption when the second memory relies on back-up battery power, wherein a need for back-up battery power in the postal security device is minimized; powering up the postal security device and automatically decrypting the encrypted data with respect to the encryption key stored in the second memory device; temporarily storing the decrypted data in a third memory device not having a back-up power source, wherein if power to the postal security device is interrupted, the decrypted data is lost and only the encryption key stored in the second memory device having the battery back-up is maintained; and causing the decrypted data in the third memory device and the encryption key to be lost if the postal security device is tampered with.
14. The method of claim 13 further comprising generating an electrical signal when the postal security device is tampered with that causes the second memory device and the third memory device to automatically clear their respective memories.
15. The method of claim 13 further comprising, if the postal security device is tampered with, interrupting main electrical power to the second memory and the third memory and interrupting back-up electrical power to the second memory, wherein the interruption of main and back-up electrical power causes the second memory and the third memory to be cleared.
16. The method of claim 13 further comprising minimizing an amount of back-up battery power consumed by the postal security device when the postal security device is powered down by requiring back-up power only for the second memory.
17. The method of claim 13 further comprising storing only the encryption key and the encrypted body of data when no power is supplied to the postal security device and only the back-up power is supplied to the second memory device.
18. The method of claim 13 further comprising generating a postal indicia relying in part on the decrypted body of data and transmitting the postal indicia over a communications channel to a printer for printing the postal indicia.